chore(deps): update uv: bump the uv-version-updates group across 1 directory with 8 updates

[dependabot]

Bumps the uv-version-updates group with 7 updates in the / directory:

Package	From	To
fastmcp	2.13.1	2.13.3
boto3	1.42.1	1.42.2
mypy	1.18.2	1.19.0
commitizen	4.9.1	4.10.0
pre-commit	4.4.0	4.5.0
ruff	0.14.4	0.14.7
pytest	8.4.2	9.0.1

Updates fastmcp from 2.13.1 to 2.13.3

Release notes

Sourced from fastmcp's releases.

v2.13.3: Pin-ish Line

MCP SDK 1.23 introduced some changes related to the 11/25/25 MCP protocol update that break some patches/workarounds that FastMCP had implemented previously. In particular, OAuth changes in the new protocol changed some implementation details that FastMCP patched; as such 1.23 is not necessarily a breaking SDK change but it is "breaking" for certain FastMCP behaviors.

As a precaution, this release pins mcp<1.23. FastMCP 2.14 will introduce 11/25/25 support (and require mcp>=1.23).

v2.13.2: Refreshing Changes

FastMCP 2.13.2 polishes the authentication stack with fixes for token refresh, scope handling, and multi-instance deployments. Discord joins the growing roster of built-in OAuth providers, Azure and Google token handling gets more reliable, and proxy classes now properly forward icons and titles. This release also adds CSP customization for consent screens and fixes an edge case where $defs could mutate during tool transforms.

Welcome to 7 new contributors who made their first FastMCP contributions in this release!

What's Changed

New Features 🎉

• Add Discord OAuth provider and corresponding tests by @​Aisha630 in jlowin/fastmcp#2428

Enhancements 🔧

• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in jlowin/fastmcp#2433
• feat: Made Changes to DescopeProvider to Support New Well Known URLs by @​gaokevin1 in jlowin/fastmcp#2392
• Scalekit provider updates by @​AkshayParihar33 in jlowin/fastmcp#2413
• Add consent_csp_policy parameter for CSP customization by @​jlowin in jlowin/fastmcp#2484
• Add icons support to proxy classes by @​jlowin in jlowin/fastmcp#2502

Fixes 🐞

• Add refresh token support defaults to GoogleProvider by @​jlowin in jlowin/fastmcp#2438
• Fix exclude_args with non-serializable types by @​jlowin in jlowin/fastmcp#2440
• Fix Azure OAuth token refresh with unprefixed scopes by @​Neet-Nestor in jlowin/fastmcp#2462
• fix: prevent $defs mutation in Tool.from_tool transforms by @​jtanningbed in jlowin/fastmcp#2493
• Add title attribute to ProxyTool, ProxyResource, … by @​CNSeniorious000 in jlowin/fastmcp#2497
• Fix OAuth proxy refresh token storage for multi-instance deployments by @​jlowin in jlowin/fastmcp#2483
• Fix get_access_token() returning stale token after OAuth refresh by @​jlowin in jlowin/fastmcp#2505
• Fix version badges for icons and website_url; add Discord example by @​jlowin in jlowin/fastmcp#2509
• Fix Azure provider OIDC scope handling by @​jlowin in jlowin/fastmcp#2506

Docs 📚

• Update http.mdx by @​Shengshenlan in jlowin/fastmcp#2446
• Fix version number in VersionBadge: change 2.14.0 to 2.13.0 by @​ShaikAyesha17 in jlowin/fastmcp#2491
• Add Discord OAuth integration documentation by @​jlowin in jlowin/fastmcp#2508

Dependencies 📦

• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in jlowin/fastmcp#2432
• Bump py-key-value-aio to 0.3.0 by @​strawgate in jlowin/fastmcp#2437
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in jlowin/fastmcp#2474

Other Changes 🦾

• Add extra_authorize_params and extra_token_params to OIDCProxy by @​jlowin in jlowin/fastmcp#2439

New Contributors

• @​Neet-Nestor made their first contribution in jlowin/fastmcp#2462
• @​Shengshenlan made their first contribution in jlowin/fastmcp#2446
• @​gaokevin1 made their first contribution in jlowin/fastmcp#2392
• @​ShaikAyesha17 made their first contribution in jlowin/fastmcp#2491
• @​jtanningbed made their first contribution in jlowin/fastmcp#2493
• @​CNSeniorious000 made their first contribution in jlowin/fastmcp#2497
• @​Aisha630 made their first contribution in jlowin/fastmcp#2428

... (truncated)

Commits

• 08d26ee Pin mcp<1.23 to avoid SDK breaking changes
• 9c21754 Fix Azure provider OIDC scope handling (#2506)
• 83085c3 Fix version badges for icons and website_url; add Discord example (#2509)
• aa53bdf Add Discord OAuth integration documentation (#2508)
• e1d41f5 Add Discord OAuth provider and corresponding tests (#2428)
• 246a0ad Fix get_access_token() returning stale token after OAuth refresh (#2505)
• 01ecc91 Fix OAuth proxy refresh token storage for multi-instance deployments (#2483)
• 3341c0c Add icons support to proxy classes (#2502)
• adbb7d6 Add title attribute to ProxyTool, ProxyResource, … (#2497)
• ba69fba Add consent_csp_policy parameter for CSP customization (#2484)
• Additional commits viewable in compare view

Updates boto3 from 1.42.1 to 1.42.2

Commits

• cc95ab6 Merge branch 'release-1.42.2'
• 8f7ba80 Bumping version to 1.42.2
• 119aff9 Add changelog entries from botocore
• 71a06cf Merge branch 'release-1.42.1' into develop
• See full diff in compare view

Updates mypy from 1.18.2 to 1.19.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Drop Support for Python 3.9

Mypy no longer supports running with Python 3.9, which has reached end-of-life. When running mypy with Python 3.10+, it is still possible to type check code that needs to support Python 3.9 with the --python-version 3.9 argument. Support for this will be dropped in the first half of 2026!

Contributed by Marc Mueller (PR 20156).

Mypy 1.19

We’ve just uploaded mypy 1.19.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Python 3.9 Support Ending Soon

This is the last mypy feature release that supports Python 3.9, which reached end of life in October 2025.

Performance Improvements

• Switch to a more dynamic SCC processing logic (Ivan Levkivskyi, PR 20053)
• Speed up type aliases (Ivan Levkivskyi, PR 19810)

Fixed‑Format Cache Improvements

Mypy uses a cache by default to speed up incremental runs by reusing partial results from earlier runs. Mypy 1.18 added a new binary fixed-format cache representation as an experimental feature. The feature is no longer experimental, and we are planning to enable it by default in a future mypy release (possibly 1.20), since it's faster and uses less space than the original, JSON-based cache format. Use --fixed-format-cache to enable the fixed-format cache.

Mypy now has an extra dependency on the librt PyPI package, as it's needed for cache serialization and deserialization.

Mypy ships with a tool to convert fixed-format cache files to the old JSON format. Example of how to use this:

$ python -m mypy.exportjson .mypy_cache/.../my_module.data.ff

... (truncated)

Commits

• 0f068c9 Remove +dev
• 6d5cf52 Various updates to 1.19 changelog (#20304)
• 3c81308 Add draft version of 1.19 release notes (#20296)
• 1999a20 [mypyc] librt base64: use existing SIMD CPU dispatch by customizing build fla...
• 1b94fbb [mypyc] Fix vtable pointer with inherited dunder new (#20302)
• 13369cb [mypyc] Fix crash on super in generator (#20291)
• a087a58 Update import map when new modules added (#20271)
• 35e843c [mypyc] Add efficient librt.base64.b64decode (#20263)
• 094f66d [mypyc] Add repr to AssignmentTarget subclasses (#20258)
• 0738db3 Do not push partial types to the binder (#20202)
• Additional commits viewable in compare view

Updates commitizen from 4.9.1 to 4.10.0

Release notes

Sourced from commitizen's releases.

v4.10.0 (2025-11-10)

Feat

• add config option for line length warning
• conventional_commits: allow exclamation in title on BC
• version: add the ability to just print major or minor version
• allow amend! prefix as created by git --fixup=reword:<commit>

Fix

• commands/version: add missing return
• test: set terminal width for cli tests
• Init: raise InitFailedError on keyboard interrupt on pre-commit hook question, simplify logic, remove unreachable code path

Refactor

• bump: cleanup related to update_version_file
• RestructuredTest: rename variable, fix typo and remove unnecessary string copy
• TomlConfig: minor cleanups for DX
• Commit: refactor _prompt_commit_questions and fix some type hint
• hooks: refactor to improve readability
• Init: make project_info a module and remove self.project_info
• BaseConfig: update docstring, extract factory method and remove unnecessary variable assignment
• remove self.encoding for better maintainability
• utils: make get_backup_file_path to return a path for semantic correctness
• remove unnecessary class member tag_format
• Bump: remove use of getattr
• ConventionalCommitsCz: rewrite message method to make the pattern more clear
• cmd: unnest try except
• BaseCommitizen: remove NotImplementedError and make them abstract method
• BaseCommitizen: construct Style object directly to get rid of potential type error

[master 9f3ec868] bump: version 4.9.1 → 4.10.0 4 files changed, 37 insertions(+), 4 deletions(-)

Changelog

Sourced from commitizen's changelog.

v4.10.0 (2025-11-10)

Feat

• add config option for line length warning
• conventional_commits: allow exclamation in title on BC
• version: add the ability to just print major or minor version
• allow amend! prefix as created by git --fixup=reword:<commit>

Fix

• commands/version: add missing return
• test: set terminal width for cli tests
• Init: raise InitFailedError on keyboard interrupt on pre-commit hook question, simplify logic, remove unreachable code path

Refactor

• bump: cleanup related to update_version_file
• RestructuredTest: rename variable, fix typo and remove unnecessary string copy
• TomlConfig: minor cleanups for DX
• Commit: refactor _prompt_commit_questions and fix some type hint
• hooks: refactor to improve readability
• Init: make project_info a module and remove self.project_info
• BaseConfig: update docstring, extract factory method and remove unnecessary variable assignment
• remove self.encoding for better maintainability
• utils: make get_backup_file_path to return a path for semantic correctness
• remove unnecessary class member tag_format
• Bump: remove use of getattr
• ConventionalCommitsCz: rewrite message method to make the pattern more clear
• cmd: unnest try except
• BaseCommitizen: remove NotImplementedError and make them abstract method
• BaseCommitizen: construct Style object directly to get rid of potential type error

Commits

• 9f3ec86 bump: version 4.9.1 → 4.10.0
• 7018c78 fix(commands/version): add missing return
• a85ab5e style: unify YAML quotes style
• f31db0d docs(config): add message length limit configuration option
• e6bcb1a feat: add config option for line length warning
• 31b1309 test: replace tmpdir with tmppath
• a31df00 test: simplify assertion
• 0e94970 refactor(bump): cleanup related to update_version_file
• 327677a fix(test): set terminal width for cli tests
• d895b47 feat(conventional_commits): allow exclamation in title on BC
• Additional commits viewable in compare view

Updates pre-commit from 4.4.0 to 4.5.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

Commits

• 1af6c8f v4.5.0
• 3358a3b Merge pull request #3585 from pre-commit/hazmat
• bdf6879 add pre-commit hazmat
• e436690 Merge pull request #3584 from pre-commit/exitstack
• 8d34f95 use ExitStack instead of start + stop
• 9c7ea88 Merge pull request #3583 from pre-commit/forward-compat-map-manifest
• 844dacc add forward-compat error message
• 6a1d543 Merge pull request #3582 from pre-commit/move-gc-back
• 66278a9 move logic for gc back to commands.gc
• 1b32c50 Merge pull request #3579 from pre-commit/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates ruff from 0.14.4 to 0.14.7

Release notes

Sourced from ruff's releases.

0.14.7

Release Notes

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

Contributors

• @​mikeleppane
• @​senekor
• @​ShaharNaveh
• @​JumboBear
• @​prakhar1144
• @​tsvikas
• @​danparizher
• @​chirizxc
• @​AlexWaygood
• @​MichaReiser

Install ruff 0.14.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.7

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

Contributors

• @​mikeleppane
• @​senekor
• @​ShaharNaveh
• @​JumboBear
• @​prakhar1144
• @​tsvikas
• @​danparizher
• @​chirizxc
• @​AlexWaygood
• @​MichaReiser

0.14.6

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)

... (truncated)

Commits

• ecab623 Bump 0.14.7 (#21684)
• 42f1521 [ty] Generic types aliases (implicit and PEP 613) (#21553)
• 594b7b0 [ty] Preserve quoting style when autofixing TypedDict keys (#21682)
• b5b4917 [ty] Fix override of final method summary (#21681)
• 0084e94 [ty] Fix subtyping of type[Any] / type[T] and protocols (#21678)
• 566c959 [ty] Rename ReferenceRequestHandler file (#21680)
• 8bcfc19 [ty] Implement typing.final for methods (#21646)
• c534bfa [ty] Implement patterns and typevars in the LSP (#21671)
• 5e1b2ee [ty] implement rendering of .. code:: lang in docstrings (#21665)
• 98681b9 [ty] Add db parameter to Parameters::new method (#21674)
• Additional commits viewable in compare view

Updates pytest from 8.4.2 to 9.0.1

Release notes

Sourced from pytest's releases.

9.0.1

pytest 9.0.1 (2025-11-12)

Bug fixes

• #13895: Restore support for skipping tests via raise unittest.SkipTest.
• #13896: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.
• #13904: Fixed the TOML type of the verbosity settings in the API reference from number to string.
• #13910: Fixed UserWarning: Do not expect file_or_dir on some earlier Python 3.12 and 3.13 point versions.

Packaging updates and notes for downstreams

• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

Contributor-facing changes

• #13891, #13942: The CI/CD part of the release automation is now capable of creating GitHub Releases without having a Git checkout on disk -- by bluetech and webknjaz.
• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

9.0.0

pytest 9.0.0 (2025-11-05)

New features

• #1367: Support for subtests has been added.

  subtests <subtests> are an alternative to parametrization, useful in situations where the parametrization values are not all known at collection time.

  Example:

  def contains_docstring(p: Path) -> bool:
      """Return True if the given Python file contains a top-level docstring."""
      ...
  def test_py_files_contain_docstring(subtests: pytest.Subtests) -> None:
  for path in Path.cwd().glob("*.py"):
  with subtests.test(path=str(path)):
  assert contains_docstring(path)

... (truncated)

Commits

• d1b64aa Prepare release version 9.0.1
• 0a497c7 regendoc: remove CI environment variables (#13950) (#13951)
• a9f7e6e 🧪 Run gh release w/o Git in CI/CD (#13942) (#13947)
• 2682a66 Merge pull request #13944 from pytest-dev/patchback/backports/9.0.x/bef7d34f1...
• a999997 Merge pull request #13941 from nicoddemus/min-pre-commit-version
• 4bd63a0 Merge pull request #13935 from pytest-dev/patchback/backports/9.0.x/ce8b8a7b4...
• 15f93b3 Merge pull request #13933 from webknjaz/maintenance/tox-pep517-env-setuptools...
• 0fa11ae Merge pull request #13927 from pytest-dev/patchback/backports/9.0.x/3d8075743...
• fa45470 Merge pull request #13926 from pytest-dev/patchback/backports/9.0.x/d587e0cf8...
• b4e3973 Merge pull request #13922 from bluetech/fix-argparse-userwarning
• Additional commits viewable in compare view

Updates pytest-asyncio from 1.2.0 to 1.3.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 1.3.0

1.3.0 - 2025-11-10

Removed

• Support for Python 3.9 (#1278)

Added

• Support for pytest 9 (#1279)

Notes for Downstream Packagers

• Tested Python versions include free threaded Python 3.14t (#1274)
• Tests are run in the same pytest process, instead of spawning a subprocess with pytest.Pytester.runpytest_subprocess. This prevents the test suite from accidentally using a system installation of pytest-asyncio, which could result in test errors. (#1275)

Commits

• 2e9695f docs: Compile changelog for v1.3.0
• dd0e9ba docs: Reference correct issue in news fragment.
• 4c31abe Build(deps): Bump nh3 from 0.3.1 to 0.3.2
• 13e9477 Link to migration guides from changelog
• 4d2cf3c tests: handle Python 3.14 DefaultEventLoopPolicy deprecation warnings
• ee3549b test: Remove obsolete test for the event_loop fixture.
• 7a67c82 tests: Fix failing test by preventing warning conversion to error.
• a17b689 test: add pytest config to isolated test directories
• 18afc9d fix(tests): replace runpytest_subprocess with runpytest
• cdc6bd1 Add support for pytest 9 and drop Python 3.9 support
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions